The location of the PCRs differs from system to system. This patch defines a new "--pcrs <filename>" option.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
---
 README | 2 +-
 src/evmctl.c | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/README b/README
index 1c4bc7a..f9706f8 100644
--- a/README
+++ b/README
@@ -31,7 +31,7 @@ COMMANDS
 ima_sign [--sigfile] [--key key] [--pass password] file
 ima_verify file
 ima_hash file
- ima_measurement [--key "key1, key2, ..."] file
+ ima_measurement [--key "key1, key2, ..."] [--pcrs <sysfs file>] file
 ima_fix [-t fdsxm] path
 sign_hash [--key key] [--pass password]
 hmac [--imahash | --imasig ] file
diff --git a/src/evmctl.c b/src/evmctl.c
index f791a5b..310ff4e 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -112,6 +112,7 @@ static char *generation_str;
 static char *caps_str;
 static char *ima_str;
 static char *selinux_str;
+static char *pcrs_sysfs;
 static char *search_type;
 static int recursive;
 static int msize;
@@ -1258,7 +1259,11 @@ static int tpm_pcr_read(int idx, uint8_t *pcr, int len)
 sprintf(pcr_str, "PCR-%d", idx);
- fp = fopen(pcrs, "r");
+
+ if (pcrs_sysfs)
+ fp = fopen(pcrs_sysfs, "r");
+ else
+ fp = fopen(pcrs, "r");
 if (!fp) {
 log_err("Unable to open %s\n", pcrs);
 return -1;
@@ -1593,6 +1598,7 @@ static void usage(void)
 " --ima use custom IMA signature for EVM\n"
 " --selinux use custom Selinux label for EVM\n"
 " --caps use custom Capabilities for EVM(unspecified: from FS, empty: do not use)\n"
+ " --pcrs specify local sysfs pcr file\n"
 " -v increase verbosity level\n"
 " -h, --help display this help and exit\n"
 "\n");
@@ -1644,6 +1650,7 @@ static struct option opts[] = {
 {"ima", 1, 0, 135},
 {"selinux", 1, 0, 136},
 {"caps", 2, 0, 137},
+ {"pcrs", 1, 0, 138},
 {}
 };
@@ -1792,6 +1799,9 @@ int main(int argc, char *argv[])
 caps_str = optarg;
 hmac_flags |= HMAC_FLAG_CAPS_SET;
 break;
+ case 138:
+ pcrs_sysfs = optarg;
+ break;
 case '?':
 exit(1);
 break;
-- 
2.7.4
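Review bot: In the tpm_pcr_read() hunk of src/evmctl.c, the failure path still logs `pcrs` even when the open that failed was on `pcrs_sysfs`, so a mistyped --pcrs argument is reported as a failure to open the default path. Selecting the path once keeps the open and the message in step: `const char *path = pcrs_sysfs ? pcrs_sysfs : pcrs;`, then `fp = fopen(path, "r");` and `log_err("Unable to open %s\n", path);`. The function body starts and continues outside the hunk, so any later use of `pcrs` there is not visible here.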
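Review bot: The help line added in the usage() hunk does not say that --pcrs takes a file argument or that it replaces the default PCR path, and it is silent on trust. With this option the PCR values are read from whatever file the caller names, so, assuming ima_measurement checks the measurement list against them, a matching result is only as trustworthy as that file's origin. A wording such as `" --pcrs file to read PCR values from instead of the default (contents are used as-is)\n"` would cover it, and the README line could carry the same caveat. usage() begins and ends outside the hunk.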